On 07/02/14 10:54, Waldemar Brodkorb wrote: > Hi, > > just trying to build 5.5 stable branch and seeing that
...[checkout/compile/install as root]... > Wouldn't it be better to tell the user to add the local non-root > user to the wsrc group and then just do it without root permissions? > (changing # into $ in the examples) why? Answer thoughtfully, not reflexively, please. You are building code that all system security depends on. If you don't trust the user doing this, you have a problem, doing it as non-root changes this situation not one bit. You have to be root to install the kernel and the userland anyway. If you wish to build userland without being root, you need sudo configured without a password (or be sitting around to respond when it asks for a pw). Again, not really improving security. Maybe lessening it if that's against your needs. Good administrative practices? Very possibly. But this comes down to local administrative policies set by people looking at the situation at your site. Minimizing the damage of "rm -rf /" is good. Turning off passwords on sudo if that's otherwise your policy is not good. There's a philosophy that what you are doing here could totally f*** your system up. Not doing it as root and pretending what you do couldn't hurt things is bad. Maybe seeing the "#" prompt reminds you there are sharp edges here. me? IF I'm doing this on a "General Purpose" machine, I'd probably check out as me, compile kernel as me, "sudo make install" the kernel, and "sudo make build". I should probably "SUDO=sudo make build", but hey, if there's something wrong in the build scripts that this saves me from, it would probably be best for all of you that I find out, right? :) If I'm building on a machine dedicated to building...I'm not seeing a lot of benefit to not just doing it all as root. Nick.
